We are committed to safeguarding your personal information.
Effective date: September 14, 2025
Applies to: The privately operated Novafuture.ai installation of the Stackposts script (“App”), used solely by the owner/operator for personal social media management (no public users, no sales/subscriptions).
Operator: Novafuture.ai (“we”, “us”, “our”)
Contact: hi (at) novafuture.ai)
This App connects only the operator’s own social media accounts to plan, create, schedule, publish, and analyze social content; manage a media library; automate posting (including via RSS); and track link clicks through a built-in URL shortener.
Because this App is for personal use only, it processes data only from social accounts that the operator explicitly connects.
A. Account connection & identifiers (via social APIs)
Basic profile and account identifiers (e.g., page/profile ID, name/username).
OAuth tokens/permissions and their expiry/refresh data.
Connected page/account metadata required to publish content or read insights.
B. Content you create or import
Captions, hashtags, scheduled times, drafts, queued posts, and RSS-fetched items.
Uploaded media (images/videos) and optional watermarks/branding.
C. Publishing & analytics
Publication status (scheduled/sent/failed), platform responses, and error logs.
Platform-provided insights/metrics for connected assets/accounts (e.g., reach, views, likes), where APIs permit.
D. Link shortener metrics
Shortened destination URLs, aggregate click counts, and basic event metadata (e.g., timestamp). (No behavioral profiling.)
E. Cookies & device data
Essential cookies/session data needed to sign in to the App admin panel and keep you logged in.
No advertising cookies and no third-party analytics are used by default.
To authenticate with platforms and maintain a secure connection (OAuth tokens).
To draft, schedule, publish, and manage your own social posts.
To fetch and display analytics & status returned by platform APIs.
To operate the link shortener functionality and show aggregate click stats.
To keep the App secure (logs, access controls, backups) and comply with platform terms.
Legitimate interests in operating a personal social management tool you control.
Performance of a contract (to provide the functionality you intentionally use).
Compliance with platform terms and applicable laws where relevant.
Social platforms you connect (e.g., Facebook, Instagram, LinkedIn, TikTok, YouTube, X) provide data via their APIs according to your granted permissions.
No sale or rental of personal information. No sharing for cross-context behavioral advertising.
Hosting & infrastructure providers (your server/host) may process data as service providers under your direction.
OAuth tokens & connected accounts: kept until you disconnect or revoke access, or until tokens expire; then deleted.
Drafts/scheduled posts/media: kept until you delete them or they’re no longer needed for posting.
Analytics/insights caches: retained only as long as necessary to display recent performance (typically ≤ 90 days).
Logs & backups: minimal and time-limited for security and recovery (typically ≤ 30–90 days), then overwritten.
We delete or de-identify data when it’s no longer needed or when you request deletion, in line with platform terms.
Because this App has no public users, these controls apply to the operator’s own accounts:
Disconnecting/revoking App access (Meta): From your Facebook or Instagram settings, remove the App under Settings → Apps and Websites (or Business Integrations for Pages). This revokes tokens.
In-App deletion: Delete scheduled posts, media, shortened links, or caches directly in the App where available.
Direct request: You can request deletion of remaining stored data (e.g., tokens, media, logs, caches) via the contact above. We will complete the deletion of locally stored App data after verifying the request and confirming deauthorization where applicable.
Data Deletion Instructions URL (for Meta App Review): This policy section serves as public instructions for data deletion as required by Meta.
OAuth tokens and credentials are stored securely and never shared publicly; access is limited to the operator.
Transport uses HTTPS/TLS when properly configured on your server.
Regular updates, least-privilege server access, strong admin passwords/2FA (where available), and minimal retention.
We never request or store your Facebook/Instagram passwords; authentication uses OAuth.
Your data is processed on your chosen hosting/server location. If your hosting is outside your jurisdiction, your data may be stored or processed there, subject to local laws.
This App is not directed to children under 16 and has no public sign-up. We do not knowingly collect personal data from children.
Use of Meta (Facebook & Instagram) data complies with Meta Platform Terms and Developer Policies. We only request permissions necessary for the features you use, and we honor revocation/deletion.
We will complete Meta’s Data Use Checkup and remove data not needed for the App’s purpose.
We may update this policy to reflect functionality or legal changes. We’ll update the “Effective date” above. Continued use after changes means you accept the updated policy.
hi (at) novafuture.ai
The easiest way to manage all my social channels in one place. It saves me hours every week!
© 2025, All Rights Reserved
